1. 实验环境
环境:docker、harbor、docker_compose
2. 配置主机域名
[root@harbor ~]# cat /etc/hosts #创建主机域名映射
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.120 harbor.snow.com
```shell
[root@localhost ~]# hostnamectl set-hostname harbor #修改主机名称
[root@localhost ~]# bash
[root@harbor ~]# hostname
harbor
```
### 3. 下载安装harbor docker_compose
```shell
[root@harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.5.3/harbor-offline-installer-v2.5.3.tgz #下载harbor离线安装包
[root@harbor ~]# tar xf harbor-offline-installer-v2.5.3.tgz -C /usr/local/src/ #解压安装包
```
```shell
[root@harbor ~]# curl -SL https://github.com/docker/compose/releases/download/v20/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose #下载docker_compose二进制(此处版本号"v20"似乎不完整,实际版本以发布页为准;该文件会以root身份执行,建议用发布页提供的sha256校验值核对;下载后还需 chmod +x,见第8步)
```
### 4. 生成https需要的证书及私钥
```shell
[root@harbor ~]# cd /usr/local/src/harbor/
[root@harbor harbor]# mkdir certs #创建证书及秘钥目录
[root@harbor harbor]# cd certs/
[root@harbor certs]# ls
[root@harbor certs]# openssl genrsa -out ca.key 4096 #创建CA私钥(未加密保存,应限制文件权限并妥善保管)
Generating RSA private key, 4096 bit long modulus (2 primes)
................................................++++
..................................++++
e is 65537 (0x010001)
[root@harbor certs]# openssl req -x509 -new -nodes -sha512 -days 3650 \ #生成自签名CA证书
> -subj "/C=CN/ST=Shanghai/L=Shanghai/O=SmartX/OU=Lab/CN=harbor.snow.com" \
> -key ca.key \
> -out ca.crt
[root@harbor certs]# ls
ca.crt ca.key
```
5. 生成服务器私钥及证书签名请求(CSR)
[root@harbor certs]# openssl genrsa -out harbor.snow.com.key 4096 #生成服务器私钥
Generating RSA private key, 4096 bit long modulus (2 primes)
....................................................................++++
.....++++
e is 65537 (0x010001)
[root@harbor certs]# openssl req -sha512 -new \ #生成证书签名请求(CSR)
> -subj "/C=CN/ST=Shanghai/L=Shanghai/O=SmartX/OU=Lab/CN=harbor.snow.com" \
> -key harbor.snow.com.key \
> -out harbor.snow.com.csr
[root@harbor certs]# ls
ca.crt ca.key harbor.snow.com.csr harbor.snow.com.key
6. 生成 x509 v3 扩展文件,以便可以为你的 Harbor 主机生成符合主题备用名称 (SAN) 和 x509 v3 扩展要求的证书。
[root@harbor certs]# cat v3.ext #[alt_names] 中必须包含客户端实际访问的主机名(本文为 harbor.snow.com);下面列出的是 harbor.snow.top / snow.top / harbor,与该主机名不一致,按原样使用时客户端的证书校验很可能无法通过
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.snow.top
DNS.2=snow.top
DNS.3=harbor
7. 使用v3.ext文件为 Harbor 服务器生成证书。
[root@harbor certs]# openssl x509 -req -sha512 -days 3650 \
> -extfile v3.ext \
> -CA ca.crt -CAkey ca.key -CAcreateserial \
> -in harbor.snow.com.csr \
> -out harbor.snow.com.crt
Signature ok
subject=C = CN, ST = Shanghai, L = Shanghai, O = SmartX, OU = Lab, CN = harbor.snow.com
Getting CA Private Key
[root@harbor certs]# openssl x509 -inform PEM -in harbor.snow.com.crt -out harbor.snow.com.cert
#将 harbor.snow.com.crt 转换为 harbor.snow.com.cert,供 Docker 使用。
#Docker 守护进程将 .crt 文件解释为 CA 证书,将 .cert 文件解释为客户端证书。
8. 配置harbor文件
[root@harbor harbor]# vim harbor.yml.tmpl
hostname: harbor.snow.com
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /usr/local/src/harbor/certs/harbor.snow.com.cert
private_key: /usr/local/src/harbor/certs/harbor.snow.com.key
[root@harbor harbor]# ./install.sh #安装harbor
[Step 0]: checking if docker is installed ...
Note: docker version: 24.0.7
[Step 1]: checking docker-compose is installed ...
✖ Need to install docker-compose(1.18.0+) by yourself first and run this script in.
#报错提示没有安装docker_compose,下面是解决方案
[root@harbor ~]# cd /usr/local/bin/
[root@harbor bin]# ls
docker-compose
[root@harbor bin]# chmod +x docker-compose
[root@harbor bin]# cd /usr/local/src/harbor/
[root@harbor harbor]# ./install.sh #再次安装又失败了
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/src/harbor
no config file: /usr/local/src/harbor/harbor.yml
#报错是因为没有这个文件/usr/local/src/harbor/harbor.yml
#解决
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml #复制该文件
[root@harbor harbor]# ./install.sh #再次安装成功
[root@harbor harbor]# docker ps #查看docker正在运行的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2d24b0db8bfc goharbor/harbor-jobservice:v2.5.3 "/harbor/entrypoint.…" 13 seconds ago Up 7 seconds (health: starting) harbor-jobservice
8f40a7c99ed9 goharbor/nginx-photon:v2.5.3 "nginx -g 'daemon of…" 13 seconds ago Up 7 seconds (health: starting) 0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp nginx
d60c2cf42f39 goharbor/harbor-core:v2.5.3 "/harbor/entrypoint.…" 13 seconds ago Up 8 seconds (health: starting) harbor-core
38ad77d452f0 goharbor/harbor-portal:v2.5.3 "nginx -g 'daemon of…" 13 seconds ago Up 10 seconds (health: starting) harbor-portal
24b9ece9c959 goharbor/harbor-db:v2.5.3 "/docker-entrypoint.…" 13 seconds ago Up 9 seconds (health: starting) harbor-db
5373fe97f4a3 goharbor/registry-photon:v2.5.3 "/home/harbor/entryp…" 13 seconds ago Up 9 seconds (health: starting) registry
fda8a445347c goharbor/harbor-registryctl:v2.5.3 "/home/harbor/start.…" 13 seconds ago Up 9 seconds (health: starting) registryctl
ae4de62f5ca0 goharbor/redis-photon:v2.5.3 "redis-server /etc/r…" 13 seconds ago Up 9 seconds (health: starting) redis
806dc5b22866 goharbor/harbor-log:v2.5.3 "/bin/sh -c /usr/loc…" 13 seconds ago Up 12 seconds (health: starting) 127.0.0.1:1514->10514/tcp harbor-log
9. 安装成功后验证harbor
在web端创建一个项目(后文推送镜像时使用的项目名为 haha)
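10. 修改docker配置(daemon.json)
#注意:insecure-registries 会让 Docker 对列出的仓库地址跳过 TLS 证书校验(必要时还会退回 HTTP),前面生成的证书因此起不到验证作用,仅适合实验环境;要保留校验,可改为把 ca.crt 放到 /etc/docker/certs.d/harbor.snow.com/ 下,并去掉这一项。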
[root@harbor ~]# cat /etc/docker/daemon.json
{
"insecure-registries":["192.168.100.120","harbor.snow.com"],
"log-driver":"json-file",
"log-opts": {"max-size":"500m", "max-file":"3"}
}
[root@harbor ~]# cat /root/.docker/config.json #auth 字段只是"用户名:密码"的 base64 编码,并非加密,任何能读到该文件的人都可还原出密码,不要公开贴出
{
"auths": {
"harbor.snow.com": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
},
"https://harbor.snow.com": {}
}
}
11. 登录仓库(本文未展示修改 admin 初始密码的步骤;对外提供服务前,应在安装前通过 harbor.yml 的 harbor_admin_password 设置,或安装后在 web 端修改)
[root@harbor ~]# docker login harbor.snow.com #登录到harbor仓库
WARNING: Error loading config file: /root/.docker/config.json: illegal base64 data at input byte 6
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@harbor ~]# docker images #查看主机上的镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.5.3 d9a8cfa37cf8 17 months ago 87.2MB
goharbor/chartmuseum-photon v2.5.3 788b207156ad 17 months ago 225MB
goharbor/redis-photon v2.5.3 5dc5331f3de8 17 months ago 154MB
goharbor/trivy-adapter-photon v2.5.3 27798821348a 17 months ago 251MB
goharbor/notary-server-photon v2.5.3 c686413b72ce 17 months ago 112MB
goharbor/notary-signer-photon v2.5.3 a3bc1def3f94 17 months ago 109MB
goharbor/harbor-registryctl v2.5.3 942de6829d43 17 months ago 136MB
goharbor/registry-photon v2.5.3 fb1278854b91 17 months ago 77.9MB
goharbor/nginx-photon v2.5.3 91877cbc147a 17 months ago 44.3MB
goharbor/harbor-log v2.5.3 ca36fb3b68a6 17 months ago 161MB
goharbor/harbor-jobservice v2.5.3 75e6a7496590 17 months ago 227MB
goharbor/harbor-core v2.5.3 93a775677473 17 months ago 203MB
goharbor/harbor-portal v2.5.3 d78f9bbad9ee 17 months ago 52.6MB
goharbor/harbor-db v2.5.3 bd50ae1eccdf 17 months ago 224MB
goharbor/prepare v2.5.3 15102b9ebde6 17 months ago 166MB
nginx latest 605c77e624dd 23 months ago 141MB
[root@harbor ~]# docker tag nginx:latest harbor.snow.com/haha/nginx:v1
[root@harbor ~]# docker push harbor.snow.com/haha/nginx:v1
The push refers to repository [harbor.snow.com/haha/nginx]
d874fd2bc83b: Pushed
32ce5f6a5106: Pushed
f1db227348d0: Pushed
b8d6e692a25e: Pushed
e379e8aedd4d: Pushed
2edcec3590a4: Pushed
v1: digest: sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3 size: 1570
在web端查看镜像
12. 测试下拉镜像
[root@harbor ~]# docker images #查看主机上镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.5.3 d9a8cfa37cf8 17 months ago 87.2MB
goharbor/chartmuseum-photon v2.5.3 788b207156ad 17 months ago 225MB
goharbor/redis-photon v2.5.3 5dc5331f3de8 17 months ago 154MB
goharbor/trivy-adapter-photon v2.5.3 27798821348a 17 months ago 251MB
goharbor/notary-server-photon v2.5.3 c686413b72ce 17 months ago 112MB
goharbor/notary-signer-photon v2.5.3 a3bc1def3f94 17 months ago 109MB
goharbor/harbor-registryctl v2.5.3 942de6829d43 17 months ago 136MB
goharbor/registry-photon v2.5.3 fb1278854b91 17 months ago 77.9MB
goharbor/nginx-photon v2.5.3 91877cbc147a 17 months ago 44.3MB
goharbor/harbor-log v2.5.3 ca36fb3b68a6 17 months ago 161MB
goharbor/harbor-jobservice v2.5.3 75e6a7496590 17 months ago 227MB
goharbor/harbor-core v2.5.3 93a775677473 17 months ago 203MB
goharbor/harbor-portal v2.5.3 d78f9bbad9ee 17 months ago 52.6MB
goharbor/harbor-db v2.5.3 bd50ae1eccdf 17 months ago 224MB
goharbor/prepare v2.5.3 15102b9ebde6 17 months ago 166MB
nginx latest 605c77e624dd 23 months ago 141MB
harbor.snow.com/haha/nginx v1 605c77e624dd 23 months ago 141MB
[root@harbor ~]# docker rmi harbor.snow.com/haha/nginx:v1 #删除已经存在的镜像
Untagged: harbor.snow.com/haha/nginx:v1
Untagged: harbor.snow.com/haha/nginx@sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3
[root@harbor ~]# docker pull harbor.snow.com/haha/nginx@sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3 #在项目里面复制链接下拉镜像
harbor.snow.com/haha/nginx@sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3: Pulling from haha/nginx
Digest: sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3
Status: Downloaded newer image for harbor.snow.com/haha/nginx@sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3
harbor.snow.com/haha/nginx@sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3
[root@harbor ~]# docker images #下拉成功
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.5.3 d9a8cfa37cf8 17 months ago 87.2MB
goharbor/chartmuseum-photon v2.5.3 788b207156ad 17 months ago 225MB
goharbor/redis-photon v2.5.3 5dc5331f3de8 17 months ago 154MB
goharbor/trivy-adapter-photon v2.5.3 27798821348a 17 months ago 251MB
goharbor/notary-server-photon v2.5.3 c686413b72ce 17 months ago 112MB
goharbor/notary-signer-photon v2.5.3 a3bc1def3f94 17 months ago 109MB
goharbor/harbor-registryctl v2.5.3 942de6829d43 17 months ago 136MB
goharbor/registry-photon v2.5.3 fb1278854b91 17 months ago 77.9MB
goharbor/nginx-photon v2.5.3 91877cbc147a 17 months ago 44.3MB
goharbor/harbor-log v2.5.3 ca36fb3b68a6 17 months ago 161MB
goharbor/harbor-jobservice v2.5.3 75e6a7496590 17 months ago 227MB
goharbor/harbor-core v2.5.3 93a775677473 17 months ago 203MB
goharbor/harbor-portal v2.5.3 d78f9bbad9ee 17 months ago 52.6MB
goharbor/harbor-db v2.5.3 bd50ae1eccdf 17 months ago 224MB
goharbor/prepare v2.5.3 15102b9ebde6 17 months ago 166MB
nginx latest 605c77e624dd 23 months ago 141MB
harbor.snow.com/haha/nginx <none> 605c77e624dd 23 months ago 141MB
[root@harbor ~]# docker rmi 605 #删除nginx相关所有镜像
[root@harbor ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.5.3 d9a8cfa37cf8 17 months ago 87.2MB
goharbor/chartmuseum-photon v2.5.3 788b207156ad 17 months ago 225MB
goharbor/redis-photon v2.5.3 5dc5331f3de8 17 months ago 154MB
goharbor/trivy-adapter-photon v2.5.3 27798821348a 17 months ago 251MB
goharbor/notary-server-photon v2.5.3 c686413b72ce 17 months ago 112MB
goharbor/notary-signer-photon v2.5.3 a3bc1def3f94 17 months ago 109MB
goharbor/harbor-registryctl v2.5.3 942de6829d43 17 months ago 136MB
goharbor/registry-photon v2.5.3 fb1278854b91 17 months ago 77.9MB
goharbor/nginx-photon v2.5.3 91877cbc147a 17 months ago 44.3MB
goharbor/harbor-log v2.5.3 ca36fb3b68a6 17 months ago 161MB
goharbor/harbor-jobservice v2.5.3 75e6a7496590 17 months ago 227MB
goharbor/harbor-core v2.5.3 93a775677473 17 months ago 203MB
goharbor/harbor-portal v2.5.3 d78f9bbad9ee 17 months ago 52.6MB
goharbor/harbor-db v2.5.3 bd50ae1eccdf 17 months ago 224MB
goharbor/prepare v2.5.3 15102b9ebde6 17 months ago 166MB
[root@harbor ~]# docker pull harbor.snow.com/haha/nginx:v1 #使用仓库名称也能下拉成功
v1: Pulling from haha/nginx
a2abf6c4d29d: Pull complete
a9edb18cadd1: Pull complete
589b7251471a: Pull complete
186b1aaa4aa6: Pull complete
b4df32aa5a72: Pull complete
a0bcbecc962e: Pull complete
Digest: sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3
Status: Downloaded newer image for harbor.snow.com/haha/nginx:v1
harbor.snow.com/haha/nginx:v1
[root@harbor ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.5.3 d9a8cfa37cf8 17 months ago 87.2MB
goharbor/chartmuseum-photon v2.5.3 788b207156ad 17 months ago 225MB
goharbor/redis-photon v2.5.3 5dc5331f3de8 17 months ago 154MB
goharbor/trivy-adapter-photon v2.5.3 27798821348a 17 months ago 251MB
goharbor/notary-server-photon v2.5.3 c686413b72ce 17 months ago 112MB
goharbor/notary-signer-photon v2.5.3 a3bc1def3f94 17 months ago 109MB
goharbor/harbor-registryctl v2.5.3 942de6829d43 17 months ago 136MB
goharbor/registry-photon v2.5.3 fb1278854b91 17 months ago 77.9MB
goharbor/nginx-photon v2.5.3 91877cbc147a 17 months ago 44.3MB
goharbor/harbor-log v2.5.3 ca36fb3b68a6 17 months ago 161MB
goharbor/harbor-jobservice v2.5.3 75e6a7496590 17 months ago 227MB
goharbor/harbor-core v2.5.3 93a775677473 17 months ago 203MB
goharbor/harbor-portal v2.5.3 d78f9bbad9ee 17 months ago 52.6MB
goharbor/harbor-db v2.5.3 bd50ae1eccdf 17 months ago 224MB
goharbor/prepare v2.5.3 15102b9ebde6 17 months ago 166MB
harbor.snow.com/haha/nginx v1 605c77e624dd 23 months ago 141MB